Nuclear Regulator hacked “by foreign power”

Nice exclusive for Nextgov. Not your common or garden ID theft, but definitely a common or garden spearphishing attack:

Nuclear Regulatory Commission computers within the past three years were successfully hacked by foreigners twice and also by an unidentifiable individual, according to an internal investigation.

One incident involved emails sent to about 215 NRC employees in “a logon-credential harvesting attempt,” according to an inspector general report Nextgov obtained through an open-records request.

There’s plenty of information held by the likes of the NRC which would be very useful to foreign governments, but also to the kinds of hackers who sell data like this on the black market. And the malware they deployed doesn’t sound particularly complicated.